Most organizations prefer centralized authentication. When a person resigns, his or her email ID is deactivated on a priority basis; the same can be done with OpenVPN. If the same user is authenticated against the existing mail server, it saves sysadmins the time of removing access in several different places.
Compile auth-pam from the OpenVPN source:

    cd /root/openvpn-2.1.3/plugin/auth-pam
    make
    cp openvpn-auth-pam.so /etc/openvpn/

Download and install pam_pop3:

    tar zxvf pam_pop3-1.0.tar.gz
    yum install gcc pam-devel -y
    cd pam_pop3
    make
    cp pam_pop3.so /lib/security/

Append the following to server.conf:

    plugin /etc/openvpn/openvpn-auth-pam.so "pop3"

Content of the pop3 PAM file:

    cat /etc/pam.d/pop3
    auth required /lib/security/pam_pop3.so hostname=pop.linuxreaders.com info pwprompt=Passwort: timeout=20
    account optional pam_permit.so

That is all that needs to be done at the server end. At the client end, append the following line to client.conf:

    auth-user-pass

Now, while connecting, you'll get a prompt to enter a username and password. There is no need to enter the domain name, e.g. @linuxreaders.com.
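
A preflight check for the server-side files above, as an added example that is not part of the original post: it confirms that the PAM service named on the plugin line has a matching file and that the file loads pam_pop3.so with a hostname= option. The function names check_pop3_auth and demo_check are hypothetical, and the check only reads the files; it does not contact the mail server.

```shell
# Added example (not from the original post). Paths are passed as arguments.
# Usage: check_pop3_auth /etc/openvpn/server.conf /etc/pam.d
check_pop3_auth() {
    conf=$1 pam_dir=$2 rc=0
    # First line of the form: plugin <path>/openvpn-auth-pam.so "<service>"
    line=$(grep -E '^[[:space:]]*plugin[[:space:]]+[^[:space:]]*openvpn-auth-pam\.so' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL: no openvpn-auth-pam.so plugin line in $conf"; return 1
    fi
    # Field 2 is the plugin path, field 3 the PAM service name (quotes stripped).
    so=$(printf '%s\n' "$line" | awk '{print $2}')
    svc=$(printf '%s\n' "$line" | awk '{print $3}' | tr -d "\"'")
    [ -f "$so" ] || echo "WARN: plugin file $so not found on this host"
    # The service name must match a file in the PAM directory.
    pam_file=$pam_dir/$svc
    if [ -z "$svc" ] || [ ! -f "$pam_file" ]; then
        echo "FAIL: no PAM service file for '$svc' in $pam_dir"; return 1
    fi
    # That file needs an auth line loading pam_pop3.so with a hostname= option.
    auth=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_pop3\.so' "$pam_file" | head -n 1)
    if [ -z "$auth" ]; then
        echo "FAIL: $pam_file has no auth line for pam_pop3.so"; rc=1
    elif ! printf '%s\n' "$auth" | grep -Eq '(^|[[:space:]])hostname=[^[:space:]]+'; then
        echo "FAIL: pam_pop3.so line in $pam_file has no hostname= value"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: service '$svc' -> $pam_file"
    return "$rc"
}

# Constructed sample: copies of the two files from this post in a temp dir.
demo_check() {
    d=$(mktemp -d)
    mkdir "$d/pam.d"
    echo 'plugin /etc/openvpn/openvpn-auth-pam.so "pop3"' > "$d/server.conf"
    echo 'auth required /lib/security/pam_pop3.so hostname=pop.linuxreaders.com info pwprompt=Passwort: timeout=20' > "$d/pam.d/pop3"
    check_pop3_auth "$d/server.conf" "$d/pam.d"; status=$?
    rm -rf "$d"
    return "$status"
}
```

Run it after editing either file; a mismatch between the plugin argument and the file name under /etc/pam.d is reported before any client tries to connect.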